Card-not-present fraud is a growing threat to online or over-the-phone payments businesses. This type of fraud, also known as card-absent fraud, occurs when criminals use stolen card information to make unauthorized purchases without physically possessing the card.
As more commerce moves online and data breaches become increasingly common, CNP fraud can result in major revenue losses for merchants. This article provides an in-depth look at what defines CNP fraud, how it typically works, and, most importantly, key strategies and best practices businesses can employ to detect and prevent falling victim to it.
From leveraging tools like address verification to monitoring transactions for red flags, this article arms retailers with actionable tips to shield themselves. For any business accepting payments online or remotely, understanding the mechanics of CNP fraud and instituting robust fraud prevention measures is essential.
Definition of Card-Not-Present Fraud
Card-not-present transaction fraud, also known as card-absent fraud, is a type of credit card fraud where the criminal does not have physical possession of the victim’s card. Instead, they use the stolen card information to make fraudulent transactions online, by phone, or by mail. CNP fraud is a growing problem, as it is becoming increasingly easy for criminals to steal card information through data breaches, phishing scams, and malware.
Fraudsters often obtain credit card information through methods like phishing, where unsuspecting victims are tricked into providing their details, or through data breaches at companies where customer financial information is exposed. Once they have this information, they can easily make purchases or transactions online.
For businesses, CNP fraud can lead to significant financial losses, not only in terms of the fraudulent transaction itself but also in chargebacks, where the legitimate cardholder disputes the transaction. This type of fraud also undermines consumer confidence in online shopping and digital payment methods.
How Does Card Not Present Fraud Work?
Here’s how card-not-present fraud typically works:
- Obtaining card information: The fraudster first must obtain the cardholder’s information. Obtaining card information is possible through various means, such as phishing attacks, data breaches, skimming devices, or purchasing card details on the dark web.
- Making unauthorized transactions: Once they have the card details (card number, expiration date, CVV), the fraudster can use this information to make unauthorized purchases online or over the phone. Since the merchant cannot physically see the card or cardholder, using stolen card details in CNP transactions is easier.
- Lack of verification: In CNP transactions, the usual verification methods like PINs or signatures are not applicable. While some online merchants use additional verification methods like Address Verification System (AVS) or CVV checks, these are not foolproof.
- Exploiting weaknesses in merchant systems: Some fraudsters exploit weaknesses in a merchant’s online transaction processing systems. For instance, they might test card details on websites with weaker security to confirm if the card details are valid.
- Use of technology and software: Advanced fraudsters use sophisticated software and technology to automate CNP fraud on a large scale. Some of these technology and software include bots to test card details across various websites.
- Detection and chargebacks: Fraud is usually detected when the legitimate cardholder notices and reports unauthorized transactions. The merchant may then face chargebacks, where the transaction amount is returned to the cardholder, leaving the merchant at a loss.
Tips For Preventing Card Not Present Fraud
1. Analyze gift card transactions
Issue: Gift card fraud is a common aspect of CNP fraud. Fraudsters often use stolen credit card information to purchase gift cards, which can then be quickly sold for cash. This type of fraud is particularly challenging because it’s a fast process, often completed before the theft is detected.
Prevention strategy: Retailers should closely monitor gift card transactions. They should track how often gift cards are purchased by a single customer. They should also scrutinize gift card purchases made through new accounts or purchases involving a large volume of gift cards. Implementing additional verification steps for gift card purchases, such as two-factor authentication or manual review of high-risk transactions, can also be effective.
2. Leverage Address Verification Service (AVS)
Functionality: AVS is a tool used by credit card processors and issuing banks to verify that the billing address provided by the customer matches the address on file with the credit card company.
Benefits: By using AVS, retailers can reduce the likelihood of accepting fraudulent transactions. If there’s a mismatch in the addresses, it could be a red flag for potential fraud. However, retailers should be aware that AVS is not foolproof and should be used as part of a broader fraud prevention strategy.
3. Set purchase limits
Setting limits on the number and total value of transactions can be an effective way to mitigate risk. This is particularly useful in detecting and preventing large-scale fraud. Retailers can limit the number of transactions or total dollar amount allowed per day or account. For instance, limiting the number of high-value transactions within a short time frame can help identify and stop fraudulent activities.
4. Monitor for suspicious activity
Continuous vigilance: Continuously monitor customer transactions for anomalies that may indicate fraud. This can include multiple orders from the same IP address, rapid succession of orders, high-value orders, or orders shipped to addresses different from the billing address.
Automated tools and manual review: Employing automated fraud detection tools helps identify suspicious activities based on predefined parameters. However, manual review is also crucial, as it allows for investigating cases that might not be outright fraudulent but are unusual. Combining technology with human oversight provides a more robust defense against CNP fraud.
5. Look out for very small transactions
Small transactions are often overlooked as they seem insignificant. However, fraudsters commonly use these low-value purchases to test the validity of a stolen credit card. If the small transaction is successful, they gain confidence that the card is active and not yet reported, paving the way for larger fraudulent purchases. Implement monitoring systems that flag unusually small transactions, especially if they’re repetitive or follow a pattern. Retailers might also consider setting minimum transaction limits or adding additional verification steps for small purchases.
6. Educate your staff
Employees are often the first line of defense against fraud. Here are some specific topics to cover in your employee retail security awareness training:
- The different types of card-not-present fraud: Employees should be familiar with the different types of fraud, such as phishing, pharming, and malware.
- The signs of fraud: Employees should be able to identify the signs of fraud, such as unusual transactions, shipping addresses that don’t match the billing address, and multiple small transactions from the same card.
- How to report fraud: Employees should know how to report fraud to the appropriate person or department.
- How to handle customer inquiries about fraud: Employees should be able to answer customer questions about fraud in a calm and professional manner.
7. Keep software and systems updated
Establish a routine for regularly updating all software, including eCommerce platforms, payment gateways, and point of sale systems. Choose systems and service providers that comply with PCI DSS and provide regular updates and support.
How Can KORONA POS Help Retailers Retailers With Card-Not-Present Fraud?
To conduct online transactions, point of sale software is essential. However, POS software alone isn’t sufficient for processing online payments; a payment processor is also necessary. KORONA POS, while not a payment processor itself, is a versatile point of sale software that supports both online and in-store transactions.
KORONA POS offers an agnostic approach, allowing retailers the freedom to select from a diverse range of payment processors. This choice enables them to find a solution that best aligns with their requirements for security and cost-effectiveness. Such flexibility aids merchants in reducing expenses and safeguarding their businesses against fraud.
Additionally, KORONA POS boasts a network of reliable payment processors, each rigorously vetted for security and competitive pricing. Click below to learn more about how KORONA POS can help your business.